Author Topic: Security  (Read 1218 times)

Offline aagimob

Security
« on: July 04, 2015, 01:21:44 pm »
Hello! I want to begin by apologizing that I have not presented myself at the beginning. I was "enchanted by the view"... and did not see the signs... accept fined me... My name is Anton Adrian and I am from Bucharest, Romania. I want to know if I can raise a security issue here. I use Peppermint 5 and I did a scan with chkrootkit... so, the result was good with one exception: Searching for Suckit rootkit... Warning: /sbin/init INFECTED... I have done research on the net and found that other distros (e.g. Fedora) have the same problem. My question is if it's a false positive (bug?) and, if the answer is yes, is this problem also found in Peppermint 6? Thank you for understanding.

Offline VinDSL

Re: Security
« Reply #1 on: July 04, 2015, 02:58:44 pm »
Interesting!  Looks like this bug has cropped up again - been happening off n' on for years.  >:(

First, I checked Ubu 15.10.  The report was clean.

Then, I checked Peppermint Six...

vindsl@Sandman ~ $ sudo apt install chkrootkit
[sudo] password for vindsl:
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following NEW packages will be installed:
  chkrootkit
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 294 kB of archives.
After this operation, 922 kB of additional disk space will be used.
Get:1 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main chkrootkit i386 0.49-4.1ubuntu1.14.04.1 [294 kB]
Fetched 294 kB in 0s (309 kB/s)     
Preconfiguring packages ...
Selecting previously unselected package chkrootkit.
(Reading database ... 156290 files and directories currently installed.)
Preparing to unpack .../chkrootkit_0.49-4.1ubuntu1.14.04.1_i386.deb ...
Unpacking chkrootkit (0.49-4.1ubuntu1.14.04.1) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up chkrootkit (0.49-4.1ubuntu1.14.04.1) ...
vindsl@Sandman ~ $ sudo chkrootkit
ROOTDIR is `/'
Checking `amd'...                                           not found
Checking `basename'...                                      not infected
Checking `biff'...                                          not found
Checking `chfn'...                                          not infected
Checking `chsh'...                                          not infected
Checking `cron'...                                          not infected
Checking `crontab'...                                       not infected
Checking `date'...                                          not infected
Checking `du'...                                            not infected
Checking `dirname'...                                       not infected
Checking `echo'...                                          not infected
Checking `egrep'...                                         not infected
Checking `env'...                                           not infected
Checking `find'...                                          not infected
Checking `fingerd'...                                       not found
Checking `gpm'...                                           not found
Checking `grep'...                                          not infected
Checking `hdparm'...                                        not infected
Checking `su'...                                            not infected
Checking `ifconfig'...                                      not infected
Checking `inetd'...                                         not infected
Checking `inetdconf'...                                     not found
Checking `identd'...                                        not found
Checking `init'...                                          not infected
Checking `killall'...                                       not infected
Checking `ldsopreload'...                                   not infected
Checking `login'...                                         not infected
Checking `ls'...                                            not infected
Checking `lsof'...                                          not infected
Checking `mail'...                                          not found
Checking `mingetty'...                                      not found
Checking `netstat'...                                       not infected
Checking `named'...                                         not found
Checking `passwd'...                                        not infected
Checking `pidof'...                                         not infected
Checking `pop2'...                                          not found
Checking `pop3'...                                          not found
Checking `ps'...                                            not infected
Checking `pstree'...                                        not infected
Checking `rpcinfo'...                                       not found
Checking `rlogind'...                                       not found
Checking `rshd'...                                          not found
Checking `slogin'...                                        not infected
Checking `sendmail'...                                      not found
Checking `sshd'...                                          not found
Checking `syslogd'...                                       not tested
Checking `tar'...                                           not infected
Checking `tcpd'...                                          not infected
Checking `tcpdump'...                                       not infected
Checking `top'...                                           not infected
Checking `telnetd'...                                       not found
Checking `timed'...                                         not found
Checking `traceroute'...                                    not found
Checking `vdir'...                                          not infected
Checking `w'...                                             not infected
Checking `write'...                                         not infected
Checking `aliens'...                                        no suspect files
Searching for sniffer's logs, it may take a while...        nothing found
Searching for rootkit HiDrootkit's default files...         nothing found
Searching for rootkit t0rn's default files...               nothing found
Searching for t0rn's v8 defaults...                         nothing found
Searching for rootkit Lion's default files...               nothing found
Searching for rootkit RSHA's default files...               nothing found
Searching for rootkit RH-Sharpe's default files...          nothing found
Searching for Ambient's rootkit (ark) default files and dirs... nothing found
Searching for suspicious files and dirs, it may take a while... The following suspicious files and directories were found: 
/usr/lib/pymodules/python2.7/.path /usr/lib/icedove/.autoreg /lib/modules/4.1.1-040101-lowlatency/vdso/.build-id /lib/modules/3.16.0-41-generic/vdso/.build-id
/lib/modules/4.1.1-040101-lowlatency/vdso/.build-id /lib/modules/3.16.0-41-generic/vdso/.build-id
Searching for LPD Worm files and dirs...                    nothing found
Searching for Ramen Worm files and dirs...                  nothing found
Searching for Maniac files and dirs...                      nothing found
Searching for RK17 files and dirs...                        nothing found
Searching for Ducoci rootkit...                             nothing found
Searching for Adore Worm...                                 nothing found
Searching for ShitC Worm...                                 nothing found
Searching for Omega Worm...                                 nothing found
Searching for Sadmind/IIS Worm...                           nothing found
Searching for MonKit...                                     nothing found
Searching for Showtee...                                    nothing found
Searching for OpticKit...                                   nothing found
Searching for T.R.K...                                      nothing found
Searching for Mithra...                                     nothing found
Searching for LOC rootkit...                                nothing found
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             Warning: /sbin/init INFECTED
Searching for Volc rootkit...                               nothing found
Searching for Gold2 rootkit...                              nothing found
Searching for TC2 Worm default files and dirs...            nothing found
Searching for Anonoying rootkit default files and dirs...   nothing found
Searching for ZK rootkit default files and dirs...          nothing found
Searching for ShKit rootkit default files and dirs...       nothing found
Searching for AjaKit rootkit default files and dirs...      nothing found
Searching for zaRwT rootkit default files and dirs...       nothing found
Searching for Madalin rootkit default files...              nothing found
Searching for Fu rootkit default files...                   nothing found
Searching for ESRK rootkit default files...                 nothing found
Searching for rootedoor...                                  nothing found
Searching for ENYELKM rootkit default files...              nothing found
Searching for common ssh-scanners default files...          nothing found
Searching for suspect PHP files...                          nothing found
Searching for anomalies in shell history files...           nothing found
Checking `asp'...                                           not infected
Checking `bindshell'...                                     not infected
Checking `lkm'...                                           chkproc: nothing detected
chkdirs: nothing detected
Checking `rexedcs'...                                       not found
Checking `sniffer'...                                       lo: not promisc and no packet sniffer sockets
wlan0: PACKET SNIFFER(/sbin/wpa_supplicant[915], /sbin/dhclient[1216])
Checking `w55808'...                                        not infected
Checking `wted'...                                          chkwtmp: nothing deleted
Checking `scalper'...                                       not infected
Checking `slapper'...                                       not infected
Checking `z2'...                                            user vindsl deleted or never logged from lastlog!
user root deleted or never logged from lastlog!
Checking `chkutmp'...                                        The tty of the following user process(es) were not found
 in /var/run/utmp !
! RUID          PID TTY    CMD
! root         1150 tty7   /usr/bin/X -core :0 -seat seat0 -auth /var/run/lightdm/root/:0 -nolisten tcp vt7 -novtswitch
chkutmp: nothing deleted
Checking `OSX_RSPLUG'...                                    not infected
vindsl@Sandman ~ $


It's baaaack  :P

Code:
Searching for Suckit rootkit...  Warning: /sbin/init INFECTED

This is a long-standing 'false alarm' that needs to be fixed upstream. 

The most likely scenario is they'll patch it -- it'll go away for a while -- then something or another will trigger a regression.

I'll check into it, but personally, I wouldn't lose any sleep over it...  ;)
« Last Edit: July 04, 2015, 04:28:44 pm by VinDSL, Reason: Addendum »
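
One way to check a finding like the one above rather than take it on trust, as an added example that is not part of the thread or of chkrootkit: pull each flagged path out of the report and compare the file's checksum with the md5sums manifest of the package that owns it. The function names are hypothetical, and the manifest layout (`<md5>  <path without leading slash>`, as in /var/lib/dpkg/info/<package>.md5sums) is the assumption.

```shell
#!/usr/bin/env bash
# Added example: triage chkrootkit "INFECTED" findings against a dpkg-style
# md5sums manifest. Function names are hypothetical, not chkrootkit's.
# Caveat: a manifest stored on the scanned host is only as trustworthy as that
# host; a manifest taken from a freshly downloaded package is stronger evidence.

# Three lines of the scan output quoted in the thread, used as sample input.
sample_report() {
cat <<'EOF'
Searching for Romanian rootkit...                           nothing found
Searching for Suckit rootkit...                             Warning: /sbin/init INFECTED
Searching for Volc rootkit...                               nothing found
EOF
}

# flagged_paths REPORT -> absolute paths reported as INFECTED, one per line
flagged_paths() {
    sed -n 's|.*Warning: *\(/[^ ]*\) INFECTED.*|\1|p' "$1" | sort -u
}

# verify_file ROOT PATH MANIFEST -> prints match, MISMATCH or unlisted
# ROOT is a prefix for the file system to inspect ("" for the running system,
# or the mount point of a disk examined from trusted boot media).
verify_file() {
    local root=$1 path=$2 manifest=$3 want have
    # Manifest paths carry no leading slash, so strip it before comparing.
    want=$(awk -v p="${path#/}" '$2 == p { print $1; exit }' "$manifest")
    [ -n "$want" ] || { echo unlisted; return 2; }
    have=$(md5sum "$root$path" | cut -d' ' -f1)
    if [ "$want" = "$have" ]; then echo match; else echo MISMATCH; return 1; fi
}

# triage REPORT ROOT MANIFEST -> one "<path> <verdict>" line per finding
triage() {
    local p
    flagged_paths "$1" | while read -r p; do
        echo "$p $(verify_file "$2" "$p" "$3")"
    done
}

# On a Debian/Ubuntu-based system, `dpkg -S /sbin/init` names the owning
# package; its manifest is /var/lib/dpkg/info/<package>.md5sums, e.g.
#   triage report.txt "" /var/lib/dpkg/info/<package>.md5sums
```

A `match` verdict supports the false-positive reading; `MISMATCH` or `unlisted` means the file deserves a closer look before the warning is dismissed.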

Offline aagimob

Re: Security
« Reply #2 on: July 04, 2015, 03:20:45 pm »
Thank you.

Offline VinDSL

Re: Security
« Reply #3 on: July 04, 2015, 03:23:43 pm »
Welcome!

Offline AndyInMokum

Re: Security
« Reply #4 on: July 04, 2015, 03:41:01 pm »
Hi Anton and welcome again mate  ;)!!

Offline aagimob

Re: Security
« Reply #5 on: July 04, 2015, 03:53:34 pm »
Thank you, Andy.